1. Field of the Invention
The present invention generally relates to image processing apparatuses and data erasing methods. Particularly, the invention relates to an image processing apparatus and data erasing method for unrecoverably erasing encrypted data recorded in an auxiliary storage device.
2. Description of the Related Art
With the increasing awareness of security issues in recent years, there is a growing need for information security management systems in offices and the like. While management of the security of information handled in personal computers (PCs) is now commonplace, there is also the need for managing the security of data handled in image processing apparatuses, such as multifunction peripherals (MFPs) in offices.
In the hard disk drive (HDD) of an MFP, system information and user information as well as image data (which may be hereafter referred to as “data and the like”) are recorded. The HDD is a nonvolatile storage device that retains data even after power supply to the drive is terminated. Thus, in order to protect the data and the like recorded in the HDD from security threats, the following methods may be taken in conventional MFPs.
In a first method, the data and the like in the HDD is encrypted. In a second method, the entire contents of the HDD are destroyed when the HDD is discarded or the system is initialized. In a third method, data that has become unnecessary for the operation of the system is completely erased.
The first method, i.e., encryption of data, is often implemented by hardware in conventional MFPs, using high-speed encryption methods that are suitable for hardware implementation, such as the Advanced Encryption Standard (AES).
The second method, i.e., the destruction of the entire data (to be hereafter referred to as an “all-at-once erasure”) leaves the possibility that the erased data may be recovered using an analysis tool if the erasure process is based on formatting or the like, which simply releases or makes available an area in which the erased data was stored. Thus, the data that needs to be erased is typically overwritten, as discussed in Japanese Laid-Open Patent Application No. 2006-262402.
In the third method, the data that has become unnecessary for the normal operation of the system is completely erased as soon as possible (to be hereafter referred to as “consecutive erasure”), so that the amount of remaining data that may cause a security problem can be minimized.
In the conventional MFPs, in order to completely erase data or the like by either the all-at-once erasure or consecutive erasure technique, data erasure based on formatting or the like as conventionally performed by the system is insufficient. Unless the data is overwritten a plurality of times, the data remains on the HDD. Such overwriting of data or the like puts much load on the central processing unit (CPU), thereby preventing an increase in processing speed.